tv Global Cybersecurity CSPAN November 11, 2014 11:06pm-11:49pm EST
very important so forever it takes to get that private sector peace sometimes that is what we mess -- and this. >> is a legislative item next year it will be more difficult i think what we hear from board members is they have to have that safeguarded place or there will be a boom during back to them that is less positive. we have such an opportunity to maybe get some things
done. we just want to have a shot and if there is an opportunity we would like to try that. but let me ask about it hands of security services program as critical infrastructure that was mentioned in terms of bilateral sharing i think the thing is like information sharing to provide safeguards would help to foster that? at least we think legislation information sharing they could utilize the framework? apple thinking it is written in legislative text which is
to take on a cybersecurity services? >> so it can't cybersecurity services projects private industry with classified information so 10 years ago we found a way to use those indicators for the private sector industry so though way that is scalable is the security providers have the ability to see those bad guys to make more intelligence to compete with others so it is more different than the information and discussion
clicking and manage providers because classified information is difficult to manage when it works it works. i still like to look at things if you had won the event that created a lot of norway's had to make that case to protect private sector? had you make that information into recognize that wealth of the open source? that is one piece that has a lot of attention because it takes a lot to roll it out but one is a new type of service the other is
classified information. >> one it to move onto harmonizing relationships but when deal was said washington had a workshop their richening that was one of his priorities to like that one of the different rules to compare them to see how things could be streamlined in terms of process i interested the business panels' thought how do you look at that issue? david? you have the framework and the model how do you look at
that issue? >> actually has mandatory severs security standards as the corporation since under the commission ioc anything in the framework they think they just build with each other. the biggest conflicts is that we're regulated at the state levels. but in the absence of standards there is the potential for them to have their own individual standards that could create conflicts we see where they may occur but we're more concerned at the state level then within the federal.
>> what about the framework? >> has been very positive it provides flexibility and allows us to demonstrate in favor ever challenged me to do that framework. we're doing everything that is prudent to protect our access. >> financial-services sector have iteration security have do they try to harmonize that framework? what does that look like? >> sova get the guidelines and opportunities to
harmonize conflict being terrors associate with informations security. then to have greater clarity to look at the institution even with the additional guidelines and standards that they use. working within that sector as well as certain agencies. >> we hear from members more or less would like to get credit from cyberregulations that day are encumbered with so they don't have to do multiple tasks where they feel they're more into compliance.
>> up until seven months ago i was of the other side of this as the council but the framework was just released but the way it has evolved would be a tremendous benefit to fiddle services firm to be regulated because sometimes there is a lack of transparency in terms of what you are held to with the regulated industry but the framework used this something that is a little more objective to talk about as a basic standard eliot the department of commerce have been talking to representatives around the world to engage them in
there is a panel on this to think about the framework of intermodal bull regulated industry that would be a tremendous benefit. >> let's ask about deterrence it isn't easy we have been looking at the state department and national security adviser report that came down this summer it is referenced from comments in your materials looking at cooperating on cybercrime as a first up to explore a consensus indian singing the situation awareness. they offer general
recommendations but thinking of a continuous -- to continue on to use the framework to show a -- share information moving away from passivity may be the fbi indictment against the chinese hackers but maybe be less attractive and the continuance you may have frustrated enterprises we're more about commerce said less about conflict but on the other hand, you may have congress wanting to do something in response to the attacks to legislate a program that would hinder trade investment.
add restart making the terence's? >> your positioning is the spectrum from passive defense to a more active defense are responsive defense than moving into disruption of factors. i would like to see a very measured approach and there is enough value from perimeter protection to patch that software to manage in active approach to defense with the continuous diagnostics that active defense is sufficient for right now the potential for inadvertent harm with
collateral damage if you'd do go on offense to someone that has been compromised see it that proxy e. and that liability has not been sorted out yet so i advocate to go slow as well as the sufficient benefit from passenger active defense we can accomplish quite a bit for the spectrum. >> and to push back so any thoughts for you? >> as global as into chutes are doing business in the market, if you can hum of -- have that high level of fidelity it needs to be
thought through very carefully to conduct activities on how that might work with the private sector's role is it is a conversation that needs to be done very carefully. >> changing the cost it remains true there are software programs that skean the web that finds servers that are connected so if it is not you will not be the target of that. it does remain true many of the incidents even very high profile start with a female.
in that sense some of the very simple things to trade their employees, and know what is there going to default security measure can make a big difference there from the perspective to change that cost and if there are targets of opportunity to deny them that opportunity to attack. >> so all of these conversations go into the framework as killing the profit model for all that goes into making it less were set even more to make us less resilient because even then something would still have been so how hard
is that to take you out? pierces the more her greasy and the useless attacks it through that exchange of information how we may can build systems to hire the best and brightest and change the security for those infrastructures and that point the opportunity goes away with a profit model. >>. >> we're very much focused on defense if you look at what we are with critical and for structure, most attacks are likely to come from actors from the terrorist motivation and we know the capabilities and our strengths not to take on an organization like that
but to defend the perimeter to understand but as far as reaching now that is not what we're focused on. >> as someone who is involved building to the point is very complicated and hard and will require effort that we are engaged but you take it to another step is that all level of complexity that there is no road map? that is something we have to look as a people very, very carefully before they ever it engaged in that. >> i just want to thank our
panelists. i guess you have an open-ended invitation to join us. meanwhile thanks for taking the time to our sponsors though, american express, ddi and. makes her you say hello we cannot do the event without their support so give them a round of applause. [applause] >> you heard a lot of good erasion about the cyberframework and with a host of others i want 2.0 in the handouts that you received you can find more information to the program
>> i am just calling to tell you how much i enjoy a q&a everything stops in my world i'd turnoff my phone i get my coffee it is the most enjoyable hour on television >> it is informative with good opinions i enjoy listening to them and the comments. he was very accurate and don point. he did not use his own personal innuendoes and i agree the enjoyed it. i hope you have more gas like that. but he was right on target this morning. >> like call to say that i think c-span is wonderful
[inaudible conversations] once again the welcome back to the cedras security conference so that -- a sum the. turning over to this senior technology per pfizer there will talk about the global and international issues surrounding severs security policy then we will take a break and a transition into lunch. please write down in the questions you have for admiral rogers. i am sitting up here so bring them up to meet. but with fats leading the framework of development and partnership it has done a terrific job and we're happy to have him here today. >> thanks for having me here
today that title is international dynamic with the partnerships a and innovation so how we develop policies but also think about global the gimmick but also to encourage innovation so joining me today we have from the department of state and also from microsoft from the european parliament in the former minister of state at the home office in the u.k. government. so touche started things off to take a similar approach from the last panel to ask
each panelist to say a few words about their role or organization and how relates to cybersecurity. >> i and tom the deputy coordinator at the state department as a relatively new office at the same time the white house penelope strategy for cyberspace it was created to have a course cyberfocus that would help to execute the priorities and strategies with the full range of cyberissues and economic development with international security growing from a core group of five -- by the at the 20
focusing on a wide range but typically on helping to spread the message to create a culture around the world and this was highlighted in the international strategies it states the critical of the structure that is used a lot of things i could come back to later but there is a robust diplomatic effort that the u.s. state department needs in cooperation with civil society to create the right kind of environment with a key products we try to help the rest of the world see the benefit to adopted corporate.
>> the queue for the wonderful work on severs security bet with that policy and a few other issues i focus not just on the u.s. but the international markets for simple reasons everybody knows how global severs security is but with the company like your - - or call that the database or the server or the class of solution to grow toward german bank to ecevit -- lee by vocally and sold globally. with their requirements and standards is different from
public to private sector is at best a problem at worst the impossibility. it affects not just the business model but how we think to be aware with innovation of $5 million r&d every year but if we could leverage that the economy of scale around the world. so let's get that framework the fact it is international because the customers are coble so the content based on international standards at that time is just the right approach and house
cybersecurity is best managed. >> afternoon i'd like to say thank-you to the chamber for hosting a said they're ready in the audience. i am a director of cybersecurity policy and strategy at microsoft. in that role i have a variety as issues supply chain risk-management to international security issues that microsoft we learn the cybersecurity policy work so we can bridge that security expertise to help them manifest to take demonstrable results to manifest in the policy of environment.
prior to that led theurgy markets quite frequently to asia in critical infrastructure and cybersecurity issues one of the reasons we think it is important it is an example to leverage public/private partnership that could be applicable and that is what i will talk about today. >> i am an officer at the washington d.c. office. it is the only office established by the parliament outside the e.u.. first of all, to the chamber of commerce to invite me to stay.
but our like to talk about that european parliament. our organization is for the european union for the council which are the representatives of government and our legislative role when compared to the u.s. but it is because achieving a high level of cybersecurity is part of the digital single market. i want to add as well it has differed slightly from the american one that by the
executive body of the european commission. sova talk about those initiatives with the commission in discussing the parliament but that is part of the private sector. but since i left the home office but then to put it back to affairs and i am currently chairman to headed by hillary -- the advisory panel but to see in the city of london in then a powerful
but frankly with that new industry but actually from the outset is multi disciplinary and they all contribute to the industry and are actually on the same page. >> for guyana's senior vp for the security markets. let me just do of a quick introduction. sova to focus on the accessibility of elway to explain that concept is everybody knows google is
the company it is also a verb. and also it could be used as a word also to get your machine data from network servers and so on and so forth. it is easy to understand the logs and defense of risk management that is what we set out to do. one of the things the framework has brought that industry, that kind of language. but to find those solutions and how to develop. so that is the ability to protect and monitor and most
importantly into the area is of the unknown to get that access of the data information to reduce the amount of time you need to respond to incidents so it is global for multiple reasons. it is no borders or boundaries and the customers we serve our global as well with multinational characteristics and we facilitate that to support that is even more strict so
in the way that what we do through chemical bold nature of what we work with from the panel as well to have the battle against the adversaries and it is to better facilitate the system coming to you gathered to get that visibility that is sell whole based approach. >> based on their reactions to what they think. not only are you eight
months. is there a general international maraniss for similar policies for public private partnerships and the essence of the initial reaction? >> i'd to seeing here is a fairly high degree of awareness. as i said airfare going ellis' government customers in different places around the world. most places to india and korea and japan and each environment those enterprises and small businesses and government policy makers are aware of the framework where people may not understand what the
free market is for those their relevant to have this conversation. one is who developed the framework? some people call them the miss framework so internationally how is this developed? government or industry? is the concern because the other entity is not a fault but it wasn't a traditional public-private partnership but eschew the multistate colder approach with the government assist from the u.s. and private sector and from other countries and that hacker in security community involved that it
is important so with that general risk management approach that is outlined in the executive order in the risk management approach and we think that outcome that is not what the framework does but there is of voluntary mechanism so to expect every country around the road will take this same approach. but with that risk-management approach to
policies that your very different we have a tendency to put more trust and experience with public-private partnerships with that comfort level and experience which is unfortunate because the policy is where those public-private partnerships are most likely to be effective. >> can you give us some perspective and how that relates to policies here in the u.s.? >> we decided to regulate certain things. the important thing is to highlight the regulation is
not yet complete. over 66 percent of stakeholders were in favor of that severs security and over 84 percent of respondents so that'd say culture that is important to highlight. and the two main instruments that we have put in place place, the first is a proposal between the parliament and the council. that was headed up already